How severe is CVE-2018-13813?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2018-13813?

This is classified as CWE-601, which is a common weakness in software security.

CVE-2018-13813

HIGH Year: 2018

CVSS v3 Score

8.1

High

CVSS v2 Score

5.8

Medium

Weakness Type

CWE-601

View all →

Vulnerability Description

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V15 Update 4), SIMATIC WinCC Runtime Professional (All versions < V15 Update 4), SIMATIC WinCC (TIA Portal) (All versions < V15 Update 4), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The webserver of affected HMI devices may allow URL redirections to untrusted websites. An attacker must trick a valid user who is authenticated to the device into clicking on a malicious link to exploit the vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVE-2016-5385

HIGH

CVSS:8.1(High)

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY envir...

CWE-6012016

CVE-2018-1251

HIGH

CVSS:8.1(High)

Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contains a URL Redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect Unit...

CWE-6012018

CVE-2022-20764

HIGH

CVSS:8.1(High)

Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) conditi...

CWE-6012022

CVE-2023-25734

HIGH

CVSS:8.1(High)

After downloading a Windows <code>.url</code> shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This ...

CWE-6012023

CVE-2024-22243

HIGH

CVSS:8.1(High)

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open ...

CWE-6012024

CVE-2024-22259

HIGH

CVSS:8.1(High)

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be v...

CWE-6012024

CVE-2018-13813

Vulnerability Description

Related Vulnerabilities

CVE-2016-5385

CVE-2018-1251

CVE-2022-20764

CVE-2023-25734

CVE-2024-22243

CVE-2024-22259